Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 647794

Summary: <sys-devel/patch-2.7.6-r3: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash (CVE-2018-6951)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 652710    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:35:45 UTC
CVE-2018-6951 (
  An issue was discovered in GNU patch through 2.7.6. There is a segmentation
  fault, associated with a NULL pointer dereference, leading to a denial of
  service in the intuit_diff_type function in pch.c, aka a "mangled rename"
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-24 04:09:01 UTC
Upstream fix:

Hopefully next release.
Comment 2 Larry the Git Cow gentoo-dev 2019-03-28 00:33:22 UTC
The bug has been referenced in the following commit(s):

commit 5c55ece4eee17a954740b8ecc03b1cb8ed58c123
Author:     Thomas Deutschmann <>
AuthorDate: 2019-03-28 00:32:30 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2019-03-28 00:33:05 +0000

    sys-devel/patch: add patches for CVE-2018-{6951,6952}, CVE-2018-1000156
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <>

 .../patch/files/patch-2.7.6-CVE-2018-1000156.patch | 150 +++++++++++++++++++++
 .../patch/files/patch-2.7.6-CVE-2018-6951.patch    |  29 ++++
 .../patch/files/patch-2.7.6-CVE-2018-6952.patch    |  30 +++++
 ...-files-to-be-missing-for-ed-style-patches.patch |  25 ++++
 sys-devel/patch/patch-2.7.6-r3.ebuild              |  40 ++++++
 5 files changed, 274 insertions(+)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2019-04-17 18:30:06 UTC
This issue was resolved and addressed in
 GLSA 201904-17 at
by GLSA coordinator Aaron Bauman (b-man).